ffmpeg | branch: release/2.4 | Luca Barbato <[email protected]> | Fri Oct 17 10:07:10 2014 +0100| [608e8d8dd754199b657b439f9e722e0b45f84461] | committer: Vittorio Giovara
vf_drawtext: Do not leak the mmapped textfile And validate its size while at it. CC: [email protected] Bug-Id: CID 1244189 > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=608e8d8dd754199b657b439f9e722e0b45f84461 --- libavfilter/vf_drawtext.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_drawtext.c b/libavfilter/vf_drawtext.c index 892104d..d954fdf 100644 --- a/libavfilter/vf_drawtext.c +++ b/libavfilter/vf_drawtext.c @@ -398,8 +398,11 @@ static av_cold int init(AVFilterContext *ctx) return err; } - if (!(s->text = av_malloc(textbuf_size+1))) + if (textbuf_size > SIZE_MAX - 1 || + !(s->text = av_malloc(textbuf_size + 1))) { + av_file_unmap(textbuf, textbuf_size); return AVERROR(ENOMEM); + } memcpy(s->text, textbuf, textbuf_size); s->text[textbuf_size] = 0; av_file_unmap(textbuf, textbuf_size); _______________________________________________ ffmpeg-cvslog mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
